Collaborate Disseminate
If an application has an RMI API that’s used internally (servers communicating with one another), is the information coming from those calls considered trusted or validation is still required?
I can’t find a lot of details … Continue reading Is RMI considered untrusted input even with TLS?
An interesting feature of HTML5 is the <input pattern=”” /> attribute, which allows the browser to validate the input field’s value against a regular expression provided by the developer.
Subsequently, this binds to th… Continue reading Is HTML5 input pattern validation sufficient (or even relevant) for client-side validation?
While changing password, in my application I am performing only JS validation for password and confirm password field values. It is recommended to have server side validations. But confirm password serves purpose for user to … Continue reading What is at risk if I do not validate Confirm Password on server side and only perform this validation on client side?
I am working with a system that allows users to upload CSV files, that are downloaded by other users.
The system validates (amongst other things) that all CSV files can be parsed by an RFC 4180 compliant parser, and are vali… Continue reading Can a CSV contain malicious code?
I am having a lot of trouble understanding where I as a developer can validate the data that my users send to me. Let’s say for a simple example I have a web page where it has a simple form that contains three fields:
Name -> text fiel… Continue reading How to validate user input
I am looking for the file name pattern to use it in the input validation.
I need the pattern that prevent me from XSS attacks.
Here I can find one pattern: https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository
I was looking into some papers regarding proof of data possession like this or thisin cloud storage where you can ask for the proof of the data stored in the cloud storage by giving some kind of challenge to the server and se… Continue reading Proof of data possesion in cloud storage where you cant do calculation to the object stored in the server
This question is on one hand very specific to the Datomic database, but on the other hand applies to LISP dialects in general.
I’ve asked here whether arguments supplied to a query would be filtered based on type.
To make t… Continue reading security in functional programming [on hold]
I have some data and want to prove it’s integrity during time, i.e. prove that a certain state of the data was present a a certain date.
For this reason I commit the data to a git repository I keep by myself (and at bitbucket).
Now I pla… Continue reading Does git commit hash prove the history until that point?
I have some data and want to prove it’s integrity during time, i.e. prove that a certain state of the data was present a a certain date.
For this reason I commit the data to a git repository I keep by myself (and at bitbucke… Continue reading Does is git commit hash prove the history until that point?